
SpiderLabs Blog

Attracting more than a half-million annual readers, the SpiderLabs Blog is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Sometimes pentesters and security researchers need to modify an existing Java application but have no access to its source. For example, it might be necessary to adjust the logic a bit to see how the application works in certain specific conditions....

We have recently released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. These rules' purpose is to protect against new emerging attacks that target vulnerabilities in public software. For this release we are highlighting virtual patches...

The seventh entry on the most recent OWASP Top 10 release (from 2013, due to the 2017 release candidate being rejected!) is "Missing Function Level Access Control", which is essentially what leads to Privilege Escalation issues. This common vulnerability related...

We have released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. These rules' purpose is to protect against new emerging attacks that target vulnerabilities in public software. For this release we would like to highlight the...

Recently we announced the first release candidate for libModSecurity (also known as ModSecurity version 3). The goal was to turn ModSecurity into a mature library that could be used seamlessly regardless of web server or platform. The motivations for...

We have released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. These rules' purpose is to protect against new emerging attacks that target vulnerabilities in public software. For this release we are highlighting virtual patches for...

We have released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. These rules' purpose is to protect against new emerging attacks that target vulnerabilities in public software. For this release we would like to highlight the...

We have just released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. These rules' purpose is to protect against new emerging attacks that target vulnerabilities in public software. For this release we would like to highlight...

Introduction Cross-Site Request Forgery (CSRF) attacks are well established and understood, having been in the OWASP top ten for ten years. For those of you not so familiar with this vulnerability, it takes place when a user can be coerced...

I was recently working on an external network penetration test where I identified a new vulnerability in a file sharing web application called Serv-U by SolarWinds. This vulnerability granted me administrative privileges to the Serv-U application and allowed for remote...

After patching a set of issues reported by Trustwave SpiderLabs last month, Lenovo released another version of its Lenovo Solution Center software to address new security holes. Specifically, we at Trustwave SpiderLabs found that the new version (3.3.002), even though significantly...

Trustwave has reported several issues in Lenovo software in the past. Last week Lenovo published an advisory (https://support.lenovo.com/us/en/product_security/len_4326) for Lenovo Solution Center. Now that Lenovo customers have had some time to patch their systems, we will take a deeper look...

Today Trustwave released a vulnerability advisory in conjunction with Zen Cart. Researchers from the SpiderLabs Research team at Trustwave recently found multiple Cross-Site Scripting (XSS) vulnerabilities in the popular online open source shopping cart application. The vulnerabilities affect Zen Cart...

While researching inter-process communication on Mac OS X, I found a small security issue with Sophos Anti-Virus for Mac: any local user can remove arbitrary files on the system via the Update functionality of the product. This specific issue was...

Trustwave SpiderLabs published an advisory today in conjunction with Magnolia International Ltd. for multiple cross-site scripting vulnerabilities in the Magnolia CMS product. Magnolia CMS is an open source, Java-based web content management system. The vulnerabilities, discovered by Michel Chamberland,...

In continuation of this post: https://www.trustwave.com/Resources/SpiderLabs-Blog/Debugging-SAP-ASE--NET-Provider-Issues/. Recently we stumbled upon an issue in the DevArt dotConnect for Oracle component (8.5.583): supplying an overly long Oracle Database username results in a crash with a memory corruption message. This doesn't happen on every run...

They say that with great power comes great responsibility. In the world of websites the more popular your website is the greater your responsibility, and being responsible means, amongst other things, keeping your systems up-to-date. We've recently come across an...

Have you ever wondered if all that informal training you do with your friends & family is paying off? When you say things like "use trusted sites" or "don't give your password to anyone" you wonder if they'll remember those...

We've just released a new version (4.39) of Corsigs for users of Trustwave Web Application Firewall (WAF) version 7.0. These new rules help protect customer applications against malicious traffic targeting the vulnerabilities listed below. Release Summary Joomla SQL Injection (CVE-2015-7857)...

Over the past seven months, a number of vulnerabilities in Lenovo System Update software have come to light. Lenovo patched the first of a batch of these vulnerabilities in spring of this year. I decided to take a deeper look...
